Fix corner case uses of memory_buffer_alloc.c The corner cases fixed include: * Allocating a buffer of size 0. With this change, the allocator now returns a NULL pointer in this case. Note that changes in pem.c and x509_crl.c were required to fix tests that did not work under this assumption. * Initialising the allocator with less memory than required for headers. * Fix header chain checks for uninitialised allocator.

commit: 8ad5acd6da039ba4eb2f43da8cf1b07e6971135f [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Mon Jan 30 14:34:25 2017 +0000
committer: Andres Amaya Garcia <andres.amayagarcia@arm.com> Tue Jan 23 21:03:49 2018 +0000
tree: 4358e9ea28b98328e7bec0c78e381d9a4457e5f9
parent: 6598af0bef67822729023e430574772a6f44b8d5 [diff] [blame]
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 91bbf05..33ad19a 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c

@@ -257,7 +257,7 @@
 {
     int ret;
     size_t len;
-    unsigned char *p, *end;
+    unsigned char *p = NULL, *end;
     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
     mbedtls_x509_crl *crl = chain;
 
@@ -294,7 +294,7 @@
     /*
      * Copy raw DER-encoded CRL
      */
-    if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+    if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );
commit	8ad5acd6da039ba4eb2f43da8cf1b07e6971135f	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Mon Jan 30 14:34:25 2017 +0000
committer	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Tue Jan 23 21:03:49 2018 +0000
tree	4358e9ea28b98328e7bec0c78e381d9a4457e5f9
parent	6598af0bef67822729023e430574772a6f44b8d5 [diff] [blame]